1more ransomware (virus) - Free Instructions

by Julie Splinters - - | Type: Ransomware

1more virus Removal Guide

What is 1more ransomware?

1more ransomware is a malicious Windows program whose goal is to extort money from users

1more ransomware1more ransomware is a malicious program made by cybercriminals for extortion purposes

1more ransomware is a ransomware-type virus that targets users of Windows operating systems. Ransomware is one of the most devastating computer infections out there, as it locks all personal files on the machine and then demands ransom for decryption software, which is not even guaranteed to work.

In the case of the 1more virus, a combination of RSA and AES encryption algorithms[1] is used to lock all data on the system. After this process is finished, victims would find that all their files have been stripped of their original icons, and a special extension is appended to each of them – “.[ID].1moredec@gmail.com.1more.”

If you tried to open any of the files, you wouldn't be able to, regardless of which application you would attempt to open it with – Windows would simply deliver an error that claims the type of file can't be opened. While data is encrypted, it is not corrupted, and cybercriminals are offering a decryptor – not for free, of course.

In the ransom note unlock-info.txt, which is delivered shortly after malware finishes its job, crooks claim that users have to pay ransom in bitcoin. For communication purposes, they provide two contact addresses – 1moredec@gmail.com and 1moredec@mailfence.com, although we do not recommend writing emails to hackers, as they can never be trusted.

First detected at the end of July 2022, this malware is a member of the VoidCrypt/Void ransomware family, with numerous releases before this one – Linda, Moonshadow, and Gilfillan are just a few examples we have already covered. As usual, we will provide more details about malware's operation and guide you through its removal and data recovery process.

Name 1more virus
Type Ransomware, file-locking virus
File extension .[ID].1moredec@gmail.com.1more
Ransom note unlock-info.txt
Contact 1moredec@gmail.com, 1moredec@mailfence.com
Family VoidCrypt
File Recovery The only secure way to restore files is by using data backups. If such is not available or were encrypted as well, options for recovery are minimal – we provide all possible solutions below
Malware removal Disconnect the computer from the network and internet and then perform a full system scan with SpyHunter 5Combo Cleaner security software
System fix Once installed on the system, malware might seriously damage some system files, resulting in crashes, errors, and other stability issues. You can employ FortectIntego PC repair to fix any of such damage automatically by replacing system corruption

The ransom note and what to expect

A ransom note is particularly important to cybercriminals, as it delivers all the crucial information which contains contact details, which increases the chance of victims paying the ransom. As a general rule, the note is either placed on the desktop or even opens automatically after data encryption is finished.

In this case, users are provided a note which is very typical of VoidCrypt versions and reads as follows:

All your files have been encrypted!

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail; 1moredec@gmail.com Write this ID in the title of your message : CW-SQ4539107682
In case of no answer in 24 hours write us to theese e-mails: 1moredec@mailfence.com
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.

Free decryption as guarantee
Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)

How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.
https://localbitcoins.com/buy_bitcoins
Also you can find other places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/information/how-can-i-buy-bitcoins/

It is not surprising that 1more ransomware authors are offering users the test decryption service. By doing so, they attempt to win users' trust and increase the chances of them paying in the hopes of retrieving their data.

1more ransomware virus1more ransomware delivers the ransom note soon after it finishes data encryption

While there have been plenty of cases where users actually received a working decryptor from cybercriminals behind ransomware, there is never a guarantee that it would happen to you. Therefore, paying the ransom is relatively risky and is not recommended by security researchers and the authorities. Instead, we recommend proceeding with malware removal and alternative methods of data recovery.

Step 1. Remove malware

Most users who get infected with ransomware straight out panic once they realize that their files can no longer be opened and used. While the reaction is understandable, it will not solve anything, as the infection has already occurred. Due to this panic state, some victims may make mistakes when dealing with the situation, which may lead to even more damage and permanent data loss. Therefore, it is important to take the correct steps in the correct order.

Often, cybercriminals establish a remote connection with the affected Windows machine with the so-called Command & Control server. Communication happens over the internet, so it is important that the device is disconnected from any networked connections. Here's how to do that quickly and efficiently:

  • Type in Control Panel in Windows search and press Enter
  • Go to Network and InternetNetwork and internet
  • Click Network and Sharing CenterNetwork and internet 2
  • On the left, pick Change adapter settingsNetwork and internet 3
  • Right-click on your connection (for example, Ethernet), and select DisableNetwork and internet 4
  • Confirm with Yes.

As soon as the network connection is severed, the attackers can no longer communicate with the affected device, which is a good time to begin 1more ransomware removal. The only way to effectively eliminate all the malicious files and the infection from the system is by performing a full system scan with powerful anti-malware software, such as SpyHunter 5Combo Cleaner or Malwarebytes.

In some cases, malware may start tampering with the deletion process, interfering with security software's operation. If that is the case, you should access Safe Mode and perform the full system scan from there. If you need help reaching Safe Mode, you can check the instructions at the bottom of this post.

Data recovery explained

There are two types of people when it comes to dealing with ransomware – those who think that their files are permanently lost and those who believe that they can recover everything as soon as they get rid of the malware by performing a full system scan. None of these groups of people are right.

First of all, data affected by fully-working ransomware is never corrupted but rather locked. Imagine it as a password that is unique to every victim and is extremely complex, consisting of randomly-generated alphanumeric characters. This makes it almost impossible for any computer currently in existence to successfully computer the correct password. In other words, only cybercriminals have access to the password and use this to their advantage.

Unfortunately, running a full system scan with security software would not result in data recovery, as the files would remain locked. At the same time, paying criminals is highly risky and may add to damages already suffered – losing money on top of locked files is a disaster. Unfortunately, there are plenty of users who suffer from these consequences.

Therefore, we recommend you employ alternative solutions for this problem – try data recovery software first:

  • Download Data Recovery Pro.
  • Double-click the installer to launch it.
    1more ransomware
  • Follow on-screen instructions to install the software.Install program
  • As soon as you press Finish, you can use the app.
  • Select Everything or pick individual folders which you want the files to be recovered from.
  • Press Next.
  • At the bottom, enable Deep scan and pick which Disks you want to be scanned.Select Deep scan
  • Press Scan and wait till it is complete.
  • You can now pick which folders/files to recover – don't forget you also have the option to search by the file name!
  • Press Recover to retrieve your files.Recover files

The above method may not always work, or at least not for all personal files. Unfortunately, the options are relatively limited at this point, and your best bet is to wait for a free decryptor that could be created by security researchers from security vendors. These links could help you find a decrytpion tool, although keep in mind that this scenario is not guaranteed and only possible if a flaw is found in ransomware's encryption process or if attackers' servers are seized[2] by authorities.

No More Ransom Project

Other useful tips

Ransomware is relatively unique when it comes to its operation. Data stealers, backdoors, and other similar infections operate silently so that users would not be able to delete them easily. Unlike these, ransomware does not hide its presence as soon as it finishes the encryption process.

Regardless, malware can still cause various issues when it comes to system operation, so we recommend running a scan with a powerful PC repair tool FortectIntego, as it can find and fix these irregularities. Otherwise, after malware removal, you may face stability issues such as system crashes with BSODs,[3] errors, and other failures.

We also recommend reporting the ordeal to your local authorities, as it can increase the chances of cybersecurity researchers creating a decryption tool. Also, don't forget to create working backups of your files to avoid ransomware effects in the future. Most importantly, ensure you are running SpyHunter 5Combo Cleaner, Malwarebytes, or another powerful anti-malware to prevent intrusions.

Offer
do it now!
Download
Fortect Happiness
Guarantee Download
Intego Happiness
Guarantee
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Fortect review | Terms of Use | Privacy policy | Refund Policy | Uninstall guide
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Download SpyHunter 5 Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Malwarebytes
Download | Review | Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.
Download Combo Cleaner Review »
Privacy policy | Terms of Use | Product Refund Policy | Uninstall Instructions

Getting rid of 1more virus. Follow these steps

Create data backups to avoid file loss in the future

One of the many countermeasures for home users against ransomware is data backups. Even if your Windows get corrupted, you can reinstall everything from scratch and retrieve files from backups with minimal losses overall. Most importantly, you would not have to pay cybercriminals and risk your money as well.

Therefore, if you have already dealt with a ransomware attack, we strongly advise you to prepare backups for future use. There are two options available to you:

  • Backup on a physical external drive, such as a USB flash drive or external HDD.
  • Use cloud storage services.

The first method is not that convenient, however, as backups need to constantly be updated manually – although it is very reliable. Therefore, we highly advise choosing cloud storage instead – it is easy to set up and efficient to sustain. The problem with it is that storage space is limited unless you want to pay for the subscription.

Using Microsoft OneDrive

OneDrive is a built-in tool that comes with every modern Windows version. By default, you get 5 GB of storage that you can use for free. You can increase that storage space, but for a price. Here's how to setup backups for OneDrive:

  1. Click on the OneDrive icon within your system tray.
  2. Select Help & Settings > Settings.
    Go to OneDrive settings
  3. If you don't see your email under the Account tab, you should click Add an account and proceed with the on-screen instructions to set yourself up.
    Add OneDrive account
  4. Once done, move to the Backup tab and click Manage backup.
    Manage backup
  5. Select Desktop, Documents, and Pictures, or a combination of whichever folders you want to backup.
  6. Press Start backup.
    Pick which folders to sync

After this, all the files that are imported into the above-mentioned folders will be automatically backed for you. If you want to add other folders or files, you have to do that manually. For that, open File Explorer by pressing Win + E on your keyboard, and then click on the OneDrive icon. You should drag and drop folders you want to backup (or you can use Copy/Paste as well).

Using Google Drive

Google Drive is another great solution for free backups. The good news is that you get as much as 15GB for free by choosing this storage. There are also paid versions available, with significantly more storage to choose from.

You can access Google Drive via the web browser or use a desktop app you can download on the official website. If you want your files to be synced automatically, you will have to download the app, however.

  1. Download the Google Drive app installer and click on it.
    Install Google Drive app
  2. Wait a few seconds for it to be installed. Complete installation
  3. Now click the arrow within your system tray – you should see Google Drive icon there, click it once.
    Google Drive Sign in
  4. Click Get Started. Backup and sync
  5. Enter all the required information – your email/phone, and password. Enter email/phone
  6. Now pick what you want to sync and backup. You can click on Choose Folder to add additional folders to the list.
  7. Once done, pick Next. Choose what to sync
  8. Now you can select to sync items to be visible on your computer.
  9. Finally, press Start and wait till the sync is complete. Your files are now being backed up.

Report the incident to your local authorities

Ransomware is a huge business that is highly illegal, and authorities are very involved in catching malware operators. To have increased chances of identifying the culprits, the agencies need information. Therefore, by reporting the crime, you could help with stopping the cybercriminal activities and catching the threat actors. Make sure you include all the possible details, including how did you notice the attack, when it happened, etc. Additionally, providing documents such as ransom notes, examples of encrypted files, or malware executables would also be beneficial.

Law enforcement agencies typically deal with online fraud and cybercrime, although it depends on where you live. Here is the list of local authority groups that handle incidents like ransomware attacks, sorted by country:

Internet Crime Complaint Center IC3

If your country is not listed above, you should contact the local police department or communications center.

Manual removal using Safe Mode

Important! →
Manual removal guide might be too complicated for regular computer users. It requires advanced IT knowledge to be performed correctly (if vital system files are removed or damaged, it might result in full Windows compromise), and it also might take hours to complete. Therefore, we highly advise using the automatic method provided above instead.

Step 1. Access Safe Mode with Networking

Manual malware removal should be best performed in the Safe Mode environment. 

Windows 7 / Vista / XP
  1. Click Start > Shutdown > Restart > OK.
  2. When your computer becomes active, start pressing F8 button (if that does not work, try F2, F12, Del, etc. – it all depends on your motherboard model) multiple times until you see the Advanced Boot Options window.
  3. Select Safe Mode with Networking from the list. Windows 7/XP
Windows 10 / Windows 8
  1. Right-click on Start button and select Settings.
    Settings
  2. Scroll down to pick Update & Security.
    Update and security
  3. On the left side of the window, pick Recovery.
  4. Now scroll down to find Advanced Startup section.
  5. Click Restart now.
    Reboot
  6. Select Troubleshoot. Choose an option
  7. Go to Advanced options. Advanced options
  8. Select Startup Settings. Startup settings
  9. Press Restart.
  10. Now press 5 or click 5) Enable Safe Mode with Networking. Enable safe mode

Step 2. Shut down suspicious processes

Windows Task Manager is a useful tool that shows all the processes running in the background. If malware is running a process, you need to shut it down:

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Click on More details.
    Open task manager
  3. Scroll down to Background processes section, and look for anything suspicious.
  4. Right-click and select Open file location.
    Open file location
  5. Go back to the process, right-click and pick End Task.
    End task
  6. Delete the contents of the malicious folder.

Step 3. Check program Startup

  1. Press Ctrl + Shift + Esc on your keyboard to open Windows Task Manager.
  2. Go to Startup tab.
  3. Right-click on the suspicious program and pick Disable.
    Startup

Step 4. Delete virus files

Malware-related files can be found in various places within your computer. Here are instructions that could help you find them:

  1. Type in Disk Cleanup in Windows search and press Enter.
    Disk cleanup
  2. Select the drive you want to clean (C: is your main drive by default and is likely to be the one that has malicious files in).
  3. Scroll through the Files to delete list and select the following:

    Temporary Internet Files
    Downloads
    Recycle Bin
    Temporary files

  4. Pick Clean up system files.
    Delete temp files
  5. You can also look for other malicious files hidden in the following folders (type these entries in Windows Search and press Enter):

    %AppData%
    %LocalAppData%
    %ProgramData%
    %WinDir%

After you are finished, reboot the PC in normal mode.

Finally, you should always think about the protection of crypto-ransomwares. In order to protect your computer from 1more and other ransomwares, use a reputable anti-spyware, such as FortectIntego, SpyHunter 5Combo Cleaner or Malwarebytes

How to prevent from getting ransomware

Do not let government spy on you

The government has many issues in regards to tracking users' data and spying on citizens, so you should take this into consideration and learn more about shady information gathering practices. Avoid any unwanted government tracking or spying by going totally anonymous on the internet. 

You can choose a different location when you go online and access any material you want without particular content restrictions. You can easily enjoy internet connection without any risks of being hacked by using Private Internet Access VPN.

Control the information that can be accessed by government any other unwanted party and surf online without being spied on. Even if you are not involved in illegal activities or trust your selection of services, platforms, be suspicious for your own security and take precautionary measures by using the VPN service.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Julie Splinters
About the company Esolutions

References